-rw-r--r-- | proxy/examples/gssproxy-example.conf | 1 | ||||
-rw-r--r-- | proxy/src/gp_config.c | 7 | ||||
-rw-r--r-- | proxy/src/gp_init.c | 46 | ||||
-rw-r--r-- | proxy/src/gp_proxy.h | 4 | ||||
-rw-r--r-- | proxy/src/gssproxy.c | 3 |
5 files changed, 61 insertions, 0 deletions
diff --git a/proxy/examples/gssproxy-example.conf b/proxy/examples/gssproxy-example.conf index 3894dd3..7067abf 100644 --- a/proxy/examples/gssproxy-example.conf +++ b/proxy/examples/gssproxy-example.conf @@ -8,6 +8,7 @@ krb5_keytab = /etc/krb5.keytab krb5_ccache = /run/user/%u/krb5cc trusted = yes + kernel_nfsd = yes euid = 0 [service/gssproxy] diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c index e6ad49c..20e1b73 100644 --- a/proxy/src/gp_config.c +++ b/proxy/src/gp_config.c @@ -194,6 +194,13 @@ static int load_services(struct gp_config *cfg, dictionary *dict) } } + value = get_char_value(dict, secname, "kernel_nfsd"); + if (value != NULL) { + if (option_is_set(value)) { + cfg->svcs[n]->kernel_nfsd = true; + } + } + ret = setup_service_creds_handle(cfg->svcs[n]); if (ret) { goto done; diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c index c0cdb92..8d0ebd8 100644 --- a/proxy/src/gp_init.c +++ b/proxy/src/gp_init.c @@ -28,6 +28,9 @@ #include <sys/stat.h> #include <locale.h> #include <signal.h> +#include <fcntl.h> +#include <errno.h> +#include <string.h> #include "gp_proxy.h" void init_server(bool daemonize) 
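Review bot: In the gp_config.c hunk (load_services), `kernel_nfsd` is stored per service, yet the only consumer in this commit, init_proc_nfsd() in gp_init.c, acts as soon as any one service sets it and then writes a single host-wide /proc switch. Nothing at the parsing site says so, which makes it easy to enable the option on one section without realising the effect is not scoped to that service. I would add a comment above the lookup such as `/* kernel_nfsd: if any service sets this, gssproxy announces itself to the kernel at startup; the effect is host-wide, not per service */`. A value that is present but not accepted by option_is_set() appears to be ignored silently, and logging it would help catch typos. load_services starts and ends outside the hunk.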
@@ -130,3 +133,46 @@ verto_ctx *init_event_loop(void) return vctx; } +void init_proc_nfsd(struct gp_config *cfg) +{ + char buf[] = "1"; + bool enabled = false; + int fd, i, ret; + + /* check first if any service enabled kernel support */ + for (i = 0; i < cfg->num_svcs; i++) { + if (cfg->svcs[i]->kernel_nfsd == true) { + enabled = true; + break; + } + } + + if (!enabled) { + return; + } + + fd = open(LINUX_PROC_USE_GSS_PROXY_FILE, O_RDWR); + if (fd == -1) { + ret = errno; + GPDEBUG("Failed to open %s: %d (%s)\n", + LINUX_PROC_USE_GSS_PROXY_FILE, + ret, strerror(ret)); + return; + } + + ret = write(fd, buf, 1); + if (ret != 1) { + GPDEBUG("Failed to write to %s: %d (%s)\n", + LINUX_PROC_USE_GSS_PROXY_FILE, + ret, strerror(ret)); + return; + } + + ret = close(fd); + if (ret == -1) { + GPDEBUG("Failed to close %s: %d (%s)\n", + LINUX_PROC_USE_GSS_PROXY_FILE, + ret, strerror(ret)); + return; + } +} diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h index c599eee..beddf61 100644 --- a/proxy/src/gp_proxy.h +++ b/proxy/src/gp_proxy.h @@ -34,6 +34,8 @@ #define _(STRING) gettext(STRING) +#define LINUX_PROC_USE_GSS_PROXY_FILE "/proc/net/rpc/use-gss-proxy" + #define GP_CRED_KRB5 0x01 struct gp_cred_krb5 { @@ -48,6 +50,7 @@ struct gp_service { char *name; uid_t euid; bool trusted; + bool kernel_nfsd; uint32_t mechs; struct gp_cred_krb5 krb5; @@ -84,6 +87,7 @@ void free_config(struct gp_config *config); void init_server(bool daemonize); void fini_server(void); verto_ctx *init_event_loop(void); +void init_proc_nfsd(struct gp_config *cfg); /* from gp_socket.c */ int init_unix_socket(const char *file_name); diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c index 498ee59..f1f0d13 100644 --- a/proxy/src/gssproxy.c +++ b/proxy/src/gssproxy.c @@ -103,6 +103,9 @@ int main(int argc, const char *argv[]) return 1; } + /* special call to tell the Linux kernel gss-proxy is available */ + init_proc_nfsd(gpctx->config); + vctx = init_event_loop(); if (!vctx) { return 1; |
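Review bot: In init_proc_nfsd() (gp_init.c), the `write` failure path returns without closing `fd`, and both the write and close failure messages pass the call's return value (-1, or a short count) to strerror() instead of errno, so the logged reason is wrong. Save errno right after the failing call, as the open() branch already does, and fall through to close() after a failed write. The function returns void and reports only through GPDEBUG, so an accurate message is the only trace of a failure to notify the kernel.

```c
    ssize_t written;

    /* … unchanged: scan of cfg->svcs for kernel_nfsd, open() and its error branch … */

    written = write(fd, buf, 1);
    if (written != 1) {
        /* a short write sets no errno; report it as EIO */
        ret = (written == -1) ? errno : EIO;
        GPDEBUG("Failed to write to %s: %d (%s)\n",
                LINUX_PROC_USE_GSS_PROXY_FILE,
                ret, strerror(ret));
    }

    /* always close, including after a failed write */
    if (close(fd) == -1) {
        ret = errno;
        GPDEBUG("Failed to close %s: %d (%s)\n",
                LINUX_PROC_USE_GSS_PROXY_FILE,
                ret, strerror(ret));
    }
```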
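Review bot: In main() (gssproxy.c), init_proc_nfsd() is called before init_event_loop(), and whether the proxy's listening socket already exists at that point is not visible in the hunk. If the kernel begins using the proxy as soon as the flag is written, it may do so before anything is ready to answer; consider moving the call to after the sockets and event loop are set up, or add a comment stating why the early position is safe. The call's outcome is also discarded, so startup continues identically when the write failed; a comment such as `/* best effort: on failure the kernel is not told gss-proxy is available */` would make that intent explicit. main's body continues outside the hunk.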